A challenging problem in managing large networks may be the complexity of security administration. Within an organization, roles may be created for various job functions. Members of staff (or other system users) may be assigned particular roles, and may perform particular system functions associated with those roles. The permissions to perform the particular system functions may typically be encoded within access control lists (ACLs) associated with management applications. In order to update role permissions or restrictions, ACL modification may be necessary. However, several challenges may be presented with ACL modification, such as unintended consequences with ACLs modification and ACLs maintenance through application upgrades.